5 Simple Rules for WordPress Login Security

5 Simple Rules for WordPress Login Security

A successful WordPress security strategy should include steps to strengthen the WordPress login. In this post, we cover the five simple rules for better WordPress login security.

The great thing about WordPress is how it makes creating a website accessible to just about anyone. But with that accessibility comes predictability. Anyone with experience working with WordPress knows where changes to the site are made: via the wp-admin area. They even know where they need to go to access the wp-admin, the wp-login.php page.

By default, the WordPress login URL is the same for every WordPress site, and it doesn’t require any special permissions to access. That’s why the WordPress login page is the most attacked—and potentially vulnerable—part of any WordPress site.

Unfortunately, creating a bot that will roam the internet committing brute force attacks doesn’t require very much skill, and any beginner-level hacker can create one. Because attacks on the WordPress login page have a low barrier of entry, WordPress login security is crucial to secure any WordPress site.

By following these rules and using WordPress security best practices, you can avoid being vulnerable to common user login mistakes.

1. Use Strong Passwords

There is a lot of confusing and contradicting information about password security best practices on the internet. In an effort to clear up that confusion, let’s break down the basics of how using a strong password improves your WordPress security.

Whenever creating a password, the first item that you will want to consider is the length of the password. The list below shows the estimated time it takes to crack a password using a four-core i5 processor.

  • 7 characters will take .29 milliseconds to crack.
  • 8 characters will take 5 hours to crack.
  • 9 characters will take 5 days to crack.
  • 10 characters will take 4 months to crack
  • 11 characters will take 1 decade to crack
  • 12 characters will take 2 centuries to crack.

So as you can see, adding a single character to your password can significantly increase the security of your login.

A password that it is at least 12 characters long, random and includes a large pool of characters like “ISt8XXa!28X3” will make it very difficult to crack.

Unfortunately, some hackers are leveraging GPUs and stronger CPUs to decrease the amount of time needed to crack passwords. So to strengthen your logins, also be mindful of your password entropy. The higher the password entropy is, the more difficult the password will be to crack.

For example, based on just the length requirement, a password like “abcdefghijkl” is 12 characters, which is great and should take 200 years to crack. However, since the password uses sequential strings of letters, it makes



This article was written by Kristen Wright and originally published on WordPress News | iThemes Blog.

Disclosure: Some of the links in this post are "affiliate links." This means if you click on the link and purchase the product, We may receive an affiliate commission.

Leave a Comment

Your email address will not be published. Required fields are marked *

Show Your ❤️ Love! Like Us
Scroll to Top